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DETAILED ACTION 

Claim Objections 

1 . Claim 12 needs revision as it is dependent upon claim 3, despite being separated 
from claim 3 by another independent claim and its dependents. A series of singular 
dependent claims is permissible in which a dependent claim refers to a preceding claim 
which, in turn, refers to another preceding claim. 

A claim which depends from a dependent claim should not be separated by any 
claim which does not also depend from said dependent claim. It should be kept in mind 
that a dependent claim may refer to any preceding independent claim. In general, 
applicant's sequence will not be changed. See MPEP § 608.01 (n). 

Claim Rejections - 35 USC § 102 

1 . The following is a quotation of the appropriate paragraphs of 35 U.S.C. 1 02 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

2. Claims 1, 2 and 14-16 are rejected under 35 U.S.C. 102(b) as being anticipated 
by Chen et al, US Patent 7096204 (hereinafter referred to as Chen). 

Regarding claim 1, Chen specifically discloses a method of conducting a 
transaction between a first entity and a second entity where as part of the transaction 
the second entity or an examination agent operating 
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on behalf of the second entity requires information to assess a level of risk 
associated with transacting with the first entity, the method comprising the steps of: 

a) a data processor acting on behalf of the first entity requesting a data processor 
acting on behalf of the second entity to provide data about itself; (abstract, figure 6, 
column 1 lines 42-68, claim 1) 

b) the data processor (trusted computing platform [see abstract, column 1 lines 
42-58]) acting on behalf of the first entity analysing the response and determining an 
assessment of trust of the data processor operating on behalf of the second entity; 
(figure 6, column 1 lines 42-68, colum 9 50-65. claim 1) 

c) defining a pseudonymous identity for the first entity; and (abstract, column 1 
lines 42-68, claim 1) 

d) providing data about the first entity to the second entity where data is 
selectively withheld or generalised in response to the assessment of trust, (column 1 
line 42 - column 2 line 10, claim 1, claim 11). 

With regards to claim 2, Chen discloses a method of conducting a transaction as 
claimed in claim 1 , in which the method further comprises the step of entering into a 
contract for the transaction based on data provided about the first entity such that the 
identity of the first entity remains unknown to the second entity (abstract, column 1 line 
42-68. claim 1). 

Regarding claim 14, Chen discusses an apparatus for conducting a transaction 
comprising a first data processor acting on behalf of a second entity, and where as part 
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of the transaction the second entity or an examination agent operating on behalf of the 
second entity requires information to assess a level of risk associated with transacting 
with the first entity, wherein: 

a) the first data processor requests the second data processor to provide 
information about itself and the policies of the second entity; (abstract, figure 6, column 
1 lines 42-68, claim 1) 

b) the first data processor analyses the response and assesses the amount of 
trust that should be attributed to the second data processor and/or the second 
entity (figure 6, column 1 lines 42-68, column 9 50-65. claim 1) 

c) the first data processor defines a pseudonymous identity for the first entity; 
and (abstract, column 1 lines 42-68, claim 1) 

d) the first data processor provides information about the first entity to the 
second data processor where information is associated with the 
pseudonymous identity and information is selectively withheld or 
generalised in response to the assessment of the amount of trust attributed to 

the second data processor (column 1 lines 42-column 2 line 10, column 2 lines 24-3\ 
claim 1, claim 11). 

With regards to claim 15, Chen clearly discloses an apparatus as claimed in 
claim 14, in which the first computer executes a policy agent which controls how 
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information relating to the first entity is disclosed, (column 1 line 59 - column 2 line 10, 
column 2 lines 24-31). 



Regarding claim 16, Chen discloses an apparatus as claimed in claim 14, in which the 
first computer has a trusted platform module which generates a user identity which can 
be used to confirm the identity of the first entity, (column 1 lines 42-58, claim 1). 



Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 3-5, 7-8, and 1 2 are rejected under 35 U.S.C. 1 03(a) as being 
unpatentable over Chen as applied to claims 1 and 2 above, and further in view of 
Maury et al, US PGPub 2002/004064 (hereinafter referred to as Maury). 

Regarding claim 3, Chen discloses the method of claim 1 , but does not discuss 
the additional limitation of the purchase of insurance or the evaluation of user data for 
the purposes of pricing an insurance policy. Maury discloses a method for selling 
insurance products (abstract) which includes the step of sending user data to an 
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evaluation server which places the user in a risk tier (abstract, figure 6, paragraph 
[001 1]), then sending this information to a rating server which provides a policy "quote" 
(service price) for the user (figure 6, paragraph [001 1]). It would have been obvious to 
one of ordinary skill in the art at the time of the invention to combine the secure 
transaction process of Chen with the insurance service provider of Maury to offer a 
higher level of security to potential customers while ensuring that the potential customer 
is in possession of their identifying information. 

With regards to claims 4 and 12, the method of claim 3 as discussed above 
further comprising the limitation of being able to correlate the pseudonymous identity 
with the first identity for the purposes of claim collection. Maury first discusses a client 
number which is given to the user at the time of quote generation and is then stored in a 
database alongside the user's personal data (abstract, [0012], claim 1). Additionally 
Maury discloses a number generated by the host application which is to be used by the 
customer to identify his or herself during calls to customer service representatives (fig 6, 
fig 7, [0038], [0040]). It would have been obvious to one of ordinary skill in the art at the 
time of invention to combine Chen with the numbering of Maury, because contacting a 
customer service representative is a necessary part of the insurance claim process, and 
providing a specific number to customers for reference, not only expedites the customer 
service process but provides an additional level of security for customer's personal 
information. 

Regarding claim 5, Chen describes the method of claim 1 and also discusses the 
use of a trusted computing platform which can be demonstrated to be reliable, to the 
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user (fig 1 , column 2 lines 1 0-1 3). Maury discloses the generation of username and 
password for a customer ( fig 9, [0010], [0044]) as well as the application module used 
for customer numbering system discussed in regards to claims 4 and 12 (fig 6, fig 7, 
[0038], [0040]). It would have been obvious to one of ordinary skill in the art at the time 
of invention to combine the two in order to provide a high level of security for customer 
personal information while maintaining a strong correlation between the user's identities 
for the insurer. 

Regarding claim 7, Chen discloses the method of claim 1 but does not discuss a 
policy agent which interacts with an examination agent in order to negotiate a policy. 
Maury discusses an on-line interface which accepts user data and transmits this to a 
quotation tool which evaluates the data and helps the customer decide which insurance 
products best suit his or her needs (fig 3, [0009], [001 1]). It would have been obvious to 
one of ordinary skill in the art at the time of invention to combine Chen with the 
insurance selection tool of Maury in order to increase the level of transaction security 
provided by the system. 

With regards to claim 8, the method of claim 5 as discussed above further 
comprising the steps of authenticating between the policy agent and the examination 
agent, for the purposes of correlating user identities. Maury discloses the secure 
examination of communications between the web-application and the various servers 
(including database and rating server) user for examination ([0034]). The web- 
application also assigns an application number to the client for the purposes of 
correlating between username and true identity (fig 6, fig 7, [0038], [0040]). It would have 
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been obvious to one of ordinary skill in the art at the time of the invention to combine the 
two in order to improve the security of customer information during the transaction 
process. 

5. Claims 6 and 9 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Chen as applied to claim 1 above, and further in view of Cammisch et al, US PGPub 
2002/0103999 (hereinafter referred to as Cammisch). 

Regarding claim 6, Chen discloses the method of claim 1 , as well as disclosing a 
trusted computing platform (column 2 lines 10-12) but does not disclose the further 
limitation of an agent which defines how information about the user can be disclosed. 
Cammisch discloses a system in which user information is not disclosed except under 
certain circumstances ([0008], [0009], [0025]-[0028]). It would have been obvious to one 
of ordinary skill in the art at the time of invention to combine the invention to offer 
greater anonymity to the user while improving system security. 

With regards to claim 9, Chen discloses the method of claim 1 , but does not 
discuss the distribution of data based on user's security policy. Cammisch describes a 
system in which the user can choose which organizations will receive different types of 
credentials from him or her ([0009]-[0010]). It would have been obvious to one of 
ordinary skill in the art at the time of invention because it would improve the level of user 
anonymity and overall information security. 
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6. Claims 10-11, and 13 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Chen in view of Maury as applied to claiml above, and further in view of 
Cammisch. 

Regarding claim 10, Chen discloses a method of conducting a transaction 
between a vendor and a buyer via a third party via a trusted computing platform 
(abstract, column 1 lines 42-58). Chen also discusses a data processor performing an 
analysis of trust on another entity (figure 6, column 1 lines 42-68, column 9 50-65. claim 
1 ). Maury discloses the steps of an insurer making its conditions for insurance available 
to a user both by asking the user to enter personal information and providing insurance 
quotes back to the user , to which the user makes this information known by entering 
the data([0009]-[001 1], [0024]-[0025]). The entered data is then analyzed by the 
insurance system to determine what the premium to be paid by the customer will be 
(abstract, figs 4, 6, 7, [0010] - [001 1]). What is not disclosed by Chen and Maury are 
the limitations of making the insurance policy information available to a third party, 
validating that a policy has been issued, the policy agent's ability to determine 
disclosure of customer information, and examining the trustworthiness of the third party. 

These limitations are addressed by Cammisch who discloses a method of 
anonymous credential verification. Using this method, Cammisch describes a scenario 
involving sale of insurance through the third party system, in which the insurance 
company requires verification of a driver's license certificate as a condition for obtaining 
insurance ([0024]-[0028]. Once the customer has purchased insurance, validation of 
this fact is done by a show of a credential by the customer to the potential vendor 
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([0026]-[0027]). Purchase of credentials is made by the customer through the third 
party, which negotiates the transmission of public/private keys between the two, 
informing the customer of what information (credentials) the organization needs for 
verification and informs the organization that the customer has met requirements and a 
new credential should be issued to them ([0016]-[0018]). User information is not 
disclosed by the system except under certain circumstances ([0008], [0009], [0025]- 
[0028]). It would have been obvious to one of ordinary skill in the art at the time of the 
invention to combine the third party transaction method of Chen, with the insurance 
purchasing method of Maury, and the secure third party verification system of 
Cammisch in order to increase information integrity for the customer, as well as 
reducing risk of fraud for the insurance company which in turn will reduce costs. 

Regarding claim 1 1 , the method of claim 10 as discussed above further 
comprising the limitations of conducting the steps electronically to a trusted computing 
platform which creates a reusable identity for confirming the real identity of the user. 
Chen discloses an "Electronic Commerce System" (title) utilizing a trusted computing 
platform (abstract, column 1 lines 42-58, column 2 lines 10-13). ). Maury discloses the 
generation of username and password for a customer ( fig 9, [0010], [0044]) as well as 
the application module used for customer numbering system discussed in regards to 
claims 4 and 12 (fig 6, fig 7, [0038], [0040]). It would have been obvious to one of 
ordinary skill in the art at the time of invention to combine the two in order to provide a 
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high level of security for customer personal information while maintaining a strong 
correlation between the user's identities for the insurer. 

Regarding claim 13, the method of claim 10 as discussed above comprising the 
further limitations of a pseudonymous identity which provides pseudonymous 
information to the insurer for use in identification validation. Maury discloses the 
generation of username and password for a customer (fig 9, [0010]). Additionally, 
Maury discusses a client number which is given to the user at the time of quote 
generation and is then stored in a database alongside the user's personal data 
(abstract, [0012], claim 1). There is also a number generated by the host application 
which is to be used by the customer to identify his or herself during calls to customer 
service representatives (fig 6, fig 7, [0038], [0040]). It would have been obvious to one 
of ordinary skill in the art at the time of the invention to combine the two in order to 
provide a high level of security for customer personal information while maintaining a 
strong correlation between the user's identities for the insurer. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to ALLISON W. GAUL whose telephone number is 
(571)270-3616. The examiner can normally be reached on Monday through Friday 7:30 
am to 5:00 pm EST. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Charles Kyle can be reached on 571-272-6746. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Allison W Gaul/ 
Examiner, Art Unit 4194 
March 1 1 , 2008 

/Charles R. Kyle/ 



Supervisory Patent Examiner, Art Unit 4194 



